CVE-2025-30931
WordPress «Подсказки» от DaData.ru <= 1.0.6 - Cross Site Scripting (XSS) VulnerabilityImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamil Shafeev «Подсказки» от DaData.ru allows Stored XSS. This issue affects «Подсказки» от DaData.ru: from n/a through 1.0.6.
We have discovered 113 live websites that are affected by CVE-2025-30931.
Affected Software
| Product |  Dadata Ru |
| Category | Wordpress Plugins |
| Vulnerable Domains | 113 live websites (100% of Dadata Ru install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 2 versions ( 100% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Jun 6, 2025
- Updated - Jun 6, 2025
Credits
- Nabil Irawan (Patchstack Alliance) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-30931 United States | 3 websites |
 Russia | 110 websites |
Website Distribution by TLD
Number of websites using CVE-2025-30931| .ru | 90 websites |
| .com | 8 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-30931
Top websites that are affected by CVE-2025-30931. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.ru | Russia | ***,*** | |
| *******.ru | Russia | *,***,*** | |
| *********.ru | Russia | *,***,*** | |
| ************************.xn--p1ai | Russia | *,***,*** | |
| ********.ru | Russia | *,***,*** | |
| *******.ru | United States | *,***,*** | |
| ********.ru | Russia | *,***,*** | |
| ***************.xn--p1ai | Russia | **,***,*** | |
| ***********.ru | Russia | **,***,*** | |
| ********.ru | Russia | **,***,*** |
FAQ
CVE-2025-30931 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Dadata Ru
A total of 113 websites have been identified as vulnerable to CVE-2025-30931, based on global website indexing conducted by WebTechSurvey.
The Dadata Ru is affected by the CVE-2025-30931 vulnerability.
Dadata Ru versions up to and including 1.0.6 are vulnerable to CVE-2025-30931.